+Fri Apr 23 00:31:17 1999 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix wrap_size
+ limit so that it correctly calculates its results, and
+ underestimates the correct size instead of overestimating
+ it, and not returning zero all the time. (Which it used
+ to do after the March 25 fix.)
+
Sat Apr 17 01:23:57 1999 Theodore Y. Ts'o <tytso@mit.edu>
* gssapi_krb5.h, copy_ccache.c, get_tkt_flags.c, set_ccache.c:
*max_input_size = req_output_size - headerlen;
}
} else {
- OM_uint32 cfsize;
+ OM_uint32 data_size, conflen;
OM_uint32 ohlen;
+ int overhead;
/* Calculate the token size and subtract that from the output size */
- cfsize = (conf_req_flag) ? kg_confounder_size(context, ctx->enc) : 0;
+ overhead = 7 + ctx->mech_used->length;
+ data_size = req_output_size;
+ if (conf_req_flag) {
+ conflen = kg_confounder_size(context, ctx->enc);
+ data_size = (conflen + data_size + 8) & (~7);
+ }
ohlen = g_token_size((gss_OID) ctx->mech_used,
- (unsigned int) (req_output_size + cfsize +
- ctx->cksum_size + 14));
+ (unsigned int) (data_size + ctx->cksum_size + 14))
+ - req_output_size;
- if (ohlen < req_output_size)
+ if (ohlen+overhead < req_output_size)
/*
* Cannot have trailer length that will cause us to pad over
* our length
*/
- *max_input_size = (req_output_size - ohlen - 1) & (~7);
+ *max_input_size = (req_output_size - ohlen - overhead) & (~7);
else
*max_input_size = 0;
}